Traditional algorithms turn small, structured data elements, such as 16-digit credit card numbers, into larger, binary fields. As a result, implementing these algorithms typically required massive re-engineering of databases and applications in order to accommodate the modified data sizes and formats. FPE eliminates this requirement by encrypting data in a way that does not alter the data format, resulting in strong encryption with few changes to the way applications already work.

Key features and capabilities of format-preserving encryption

Datatype agnostic: Supports data of virtually any format, including numeric, alphanumeric, and even date fields.

One example is how e-Commerce merchants can use PIE to reduce PCI exposure of web and intermediate hosts. PIE integrates via a Javascript library and a single API call within the web page, making the breach of a browser session useless for decrypting any other data in the system.

Visualizing how SecureData Web works with PIE technology

Using the SecureData Web with the PIE technology solution increases the security of e-Commerce platforms without impacting the buyer experience, while also reducing merchant PCI scope.

After card data is secured to the host, SecureData Tokenization can be used to replace PAN data in storage.

What is stateless key management?

Stateless Key Management enables on-demand key generation and re-generation without an ever-growing key store. The result is a system that can be infinitely scaled across distributed physical and logical locations with no additional overhead.

Extends IT investment in existing Identity Management infrastructure: Stateless key management can be linked to existing Identity Management infrastructure including roles and groups. Permission to decrypt or de-tokenize can be assigned on an application or user basis, and can be managed through external LDAP directories, taking advantage of LDAP groups to simplify user management.